Provisioning AWS Resources Using Terraform

Terraform is a tool for provisioning Infrastructure as Code (Iac). It can provision infrastructure on your machine or any cloud provider and automatically deploy the infrastructure from code without any manual intervention.

In this Cloud Lab, you’ll start by learning about Terraform. You’ll provision an infrastructure locally using Terraform and will learn about the Terraform code blocks. You’ll also create an S3 bucket on AWS, allowing public access to the bucket contents, and upload an object to the S3 bucket. Then, you’ll create a Lambda function to access the bucket’s contents using Terraform. You’ll create an IAM role for the Lambda function as well. Lastly, you’ll create a security group and set up a React application on the EC2 instance through Terraform.

By the end of this Cloud Lab, you’ll be able to provision infrastructure on AWS using Terraform. These skills are essential for mastering IaC and transforming manual processes into efficient, version-controlled infrastructures.

The following is the high-level architecture diagram of the infrastructure that you’ll create in this Cloud Lab:

Why infrastructure as code matters on AWS

Manually creating cloud resources through a console doesn’t scale. It’s slow, error-prone, and nearly impossible to reproduce reliably. Infrastructure as code (IaC) solves this by letting you define cloud resources in files that can be versioned, reviewed, and applied consistently.

Terraform is widely used for IaC because it’s declarative: you describe the desired end state, and Terraform figures out how to reach it. That shift from “clicks” to “code” is what enables teams to treat infrastructure with the same discipline as application development.

How Terraform works at a high level

A typical Terraform workflow has a few core concepts:

• Providers: Providers (such as AWS) tell Terraform how to interact with a platform’s APIs and manage resources.

• Resources: Resources define what you want to create, networks, compute, storage, permissions, and more.

• State: State tracks what Terraform believes exists in the real world. It’s how Terraform knows what to create, update, or destroy when you apply changes.

• Plan and apply: terraform plan shows you what will change before anything happens. terraform apply executes those changes. This two-step process is a major safety feature.

What Terraform is commonly used for on AWS

Terraform is often used to provision:

• VPCs, subnets, and networking components

• Compute resources (instances, autoscaling, managed services)

• Storage and databases

• IAM roles and policies

• Supporting services for platforms and pipelines

As projects grow, teams typically add modules, remote state backends, and CI/CD pipelines to manage Terraform at scale.

Common Terraform design decisions to get right early

A few choices make a big difference in long-term maintainability:

• State management: Remote state with locking is safer than local state.

• Modularity: Reusable modules reduce duplication and errors.

• Separation of concerns: Many teams separate foundational infrastructure from application-specific resources.

• Variables and outputs: Make configurations flexible without hardcoding values.

• Permissions: Run Terraform with least-privilege credentials whenever possible.

When Terraform is (and isn’t) the right tool

Terraform is a great fit when you need repeatable, auditable infrastructure across environments. It’s less ideal for one-off experiments or extremely dynamic resources that change outside Terraform’s control, unless you invest in robust state management and workflows.

The goal isn’t to automate everything immediately, it’s to make infrastructure predictable.